Date: Thu, 9 Sep 2010 13:12:14 -0400
From: Charles Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: Attacking Windows-ALT chars in LM Hashes

I apologize if this has been asked, (and answered), before, but every once in a while I run into a LM hash that was created using one of the ALT characters in Windows, (aka holding down the ALT+4 digits). I'm currently trying to figure out the best, (or at least several different), ways of attacking these passwords.

The following webpage has an example of some of the more commonly used ALT characters: http://tlt.its.psu.edu/suggestions/international/accents/codealt.html

Now, there's always Dumbforce mode: http://www.openwall.com/lists/john-users/2008/03/17/2

But I would like to do something a little smarter, (plus I don't even have close to the computer power to crack the first 7char half using dumbforce). So far, here's where I'm at:

1) While I love incremental mode, this isn't really the way to go. I don't have enough passwords using ALT characters to train on, and I would have to pair it with an external mode to ensure each guess contained at least one ALT character.

2) I could certainly modify dumbforce/or knownforce mode to target a limited range of the most commonly used ALT + normal characters. I guess my biggest question then is what numerical values do the ALT characters correspond to? aka is ALT-0142 represented as a character with value 142 in Windows, or is it encoded some other way?

3) As a similar question, I remember reading somewhere that LANMAN doesn't handle certain ALT characters, (in which case you would only end up with NTLM hashes). Does anyone have a list of the allowed ALT characters? Also does Windows LM capitalize ALT characters like ALT-0228 which is the lowercase a with the umlaut?

4) Is there a way to include these ALT characters in John's wordlist rules? For example, I'd like to have a rule sa"ALT-0228", which would replace 'a' with the ALT-0228 character. I guess what I'm trying to say is if there is a way to specify the hex value of a character vs just typing it in the config file.

Now I'll freely admit, not many people use ALT characters, but when I do run across an 'Unbreakable' LM hash I'd love to have a few tricks up my sleeve to deal with it. Also, if they are using a different codepage encoding, (instead of using ALT characters), that opens up a whole new can of worms. Any other suggestions/tips/tricks on dealing with these would be greatly appreciated, (I saw a few posts on how to include non-English characters, but nothing on how they interact with LM hashes).

Finally on a somewhat unrelated note, is there any easy way to search through the mailing list archive. I've looked through the selected posts on the wiki, and found the actual mailing list archive at http://www.openwall.com/lists/john-users/, but I was wondering if there was a search option, since I really doubt I'm the first person to run into this problem and I hate spamming the list with questions that have already been answered.

Thanks,
Matt Weir
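As an added illustration of question 2 above (this is not code from the post or from John the Ripper), the mapping from an ALT code to the byte it produces, which depends on whether the code has a leading zero; it assumes the US/Western defaults of cp1252 for the ANSI page and cp437 for the OEM page, both of which vary by locale:

```python
import re

# Windows ALT codes select a code page by their leading zero: ALT-0228 (with
# the zero) is a byte in the ANSI code page, ALT-142 (no zero) is a byte in
# the OEM code page.  Both are locale dependent; US/Western defaults assumed.
ANSI_CODEPAGE = "cp1252"
OEM_CODEPAGE = "cp437"
ALT_RE = re.compile(r"^ALT[-+]?(\d{1,4})$", re.IGNORECASE)


def alt_code_to_char(code):
    """Map an 'ALT-xxxx' string to (byte value, code page, Unicode char).

    Raises ValueError for malformed codes, values above 255, and bytes that
    are undefined in the selected code page (e.g. 0x81 in cp1252).
    """
    m = ALT_RE.match(code.strip())
    if not m:
        raise ValueError(f"not an ALT code: {code!r}")
    digits = m.group(1)
    value = int(digits)
    if value > 255:
        raise ValueError(f"ALT code outside the single-byte range: {code!r}")
    codepage = ANSI_CODEPAGE if digits.startswith("0") else OEM_CODEPAGE
    try:
        char = bytes([value]).decode(codepage)
    except UnicodeDecodeError:
        raise ValueError(f"byte {value:#04x} is undefined in {codepage}") from None
    return value, codepage, char


def to_oem(text):
    """Re-encode text into the OEM code page, the character set the LM
    algorithm works in on a Western Windows system.  Returns None when a
    character has no OEM equivalent (cp1252-only characters such as the
    euro sign), the situation the post refers to in question 3."""
    try:
        return text.encode(OEM_CODEPAGE)
    except UnicodeEncodeError:
        return None


def describe(code):
    """One-line summary: the byte typed, the character it yields, and the
    OEM byte that character maps to (if any)."""
    value, codepage, char = alt_code_to_char(code)
    oem = to_oem(char)
    oem_txt = f"OEM byte {oem[0]:#04x}" if oem else "no OEM equivalent"
    return f"{code}: byte {value:#04x} in {codepage} -> {char!r} ({oem_txt})"
```

For example, describe("ALT-0228") reports byte 0xe4 in cp1252 giving 'ä', which is OEM byte 0x84, while describe("ALT-0128") reports the euro sign with no OEM equivalent.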